Configuration management roles and playbooks for MSP infrastructure tools.
Prerequisites:
- Ansible 2.14+
- Python 3.8+
Install:
git clone https://github.com/example-org/zti-config.git
cd zti-config
make install # Install Ansible and dependencies
npm install # Install prettier (for markdown formatting)
Run:
# Security baseline
ansible-playbook tools/ansible/playbooks/01-base-security.yml -i inventory/hosts.yml
# Full stack deployment
ansible-playbook tools/ansible/playbooks/99-full-stack.yml -i inventory/hosts.yml
- wazuh_agent - Security monitoring agent
- system_updates - OS patching and maintenance
- firmware_updates - Firmware update management
- otel_collector - OpenTelemetry collector for observability
- headscale - VPN mesh network (6 roles + playbooks)
- authentik - Identity provider (16 roles + playbooks)
Numbered playbooks show dependency order:
01-base-security.yml - Wazuh security agent
02-system-updates.yml - OS and firmware updates
03-monitoring.yml - OpenTelemetry collector
04-vpn-mesh.yml - Headscale VPN
05-identity.yml - Authentik IdP
99-full-stack.yml - Complete deployment
- Quick Start - Getting started guide
- Roles Reference - Available roles and usage
- Collections - Headscale and Authentik setup
- Playbooks - Playbook examples and patterns
- Troubleshooting - Common issues and solutions
- Architecture - Repository design
- Adding Tools - Extension guide
zti-config/
├── tools/
│   └── ansible/            # Ansible configuration management
│       ├── roles/          # Standalone shared roles
│       ├── collections/    # Complete service projects
│       ├── playbooks/      # Example playbooks
│       ├── inventory/      # Sample inventories
│       └── docs/           # Detailed documentation
├── scripts/                # Utility scripts
├── docs/                   # Architecture and guides
└── .github/                # CI/CD workflows
See CONTRIBUTING.md for guidelines.
MIT